Recent posts by Christof Dallermassl
http://sourceforge.net/u/cdaller/
Wed, 17 Apr 2013 18:13:28 -0000

Home modified by Christof Dallermassl
http://sourceforge.net/p/gpsmap/wiki/Home/
<div class="markdown_content"><p>Welcome to your wiki!</p>
<p>This is the default page, edit it as you see fit. To add a new page simply reference it within brackets, e.g.: <span>[SamplePage]</span>.</p>
<p>The wiki uses <a class="" href="/p/gpsmap/wiki/markdown_syntax/">Markdown</a> syntax.</p>
<p><h6>Project Members:</h6><ul class="md-users-list"><li><a href="/u/cdaller/">Christof Dallermassl</a> (admin)</li><li><a href="/u/sambenz/">Samuel Benz</a></li><li><a href="/u/svenboeckelmann/">Sven Boeckelmann</a></li></ul><br />
</p></div>
Christof Dallermassl
Wed, 17 Apr 2013 18:13:28 -0000

WikiPage Home modified by Christof Dallermassl
http://sourceforge.net/u/cdaller/wiki/Home/
Welcome to your wiki!
This is the default page, edit it as you see fit. To add a new page simply reference it within brackets, e.g.: [SamplePage].
The wiki uses [Markdown](/u/cdaller/wiki/markdown_syntax/) syntax.
Christof Dallermassl
Wed, 15 Aug 2012 11:49:19 -0000

statement.execute executes multiple sql statements
http://sourceforge.net/p/hsqldb/bugs/1200/
<div class="markdown_content"><p>The statement.execute(String) method executes multiple sql statements separated by semicolons. This might allow sql code to be injected into a sadly programmed application. </p>
<p>Example (modified from sample directory):</p>
<pre><code>import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;

public class MultiStatementExample {
    public static void main(String[] args) throws Exception {
        Class.forName("org.hsqldb.jdbc.JDBCDriver");
        Connection conn = DriverManager.getConnection("jdbc:hsqldb:db_file","SA","");
        Statement st = conn.createStatement();
        st.executeUpdate("CREATE TABLE sample_table ( id INTEGER IDENTITY, str_col VARCHAR(256), num_col INTEGER)");
        st.executeUpdate("INSERT INTO sample_table(str_col,num_col) VALUES('Ford', 100)");
        st.executeUpdate("INSERT INTO sample_table(str_col,num_col) VALUES('Toyota', 200)");

        // execute multiple sql statements in one execute call:
        st.execute("SELECT * FROM sample_table; update sample_table set num_col=500 where str_col='Ford'");

        st.execute("SHUTDOWN");
        conn.close();
    }
}</code></pre>
<p>Please do not get me wrong: There might be some space for interpretation in the jdbc specification of the Statement interface. So this behavior might be ok in the sense of the specs. BUT: an app that uses code like this:<br />
String sql = "select * from foo where bar = '" + user_input + "'";<br />
stmt.execute(sql);<br />
is vulnerable to sql-injection if the user inputs something like this:<br />
baz' ; update foo set bar = 'evil value</p>
<p>As this is bad programming it might not be the problem of hsqldb either! <br />
BUT: for example the oracle jdbc driver does not allow multiple statements in the Statement.execute method. This adds an additional level of security that hsqldb does not have.<br />
I stumbled across this behavior when working with owasp's webgoat intrusion example webapp and was quite shocked to find a way to add update/insert statements into a read-only application. I had not thought that this was possible.</p>
<p>So if this is intentional behavior, please think about its usefulness in comparison to the security impact. If it is a bug, please fix it :-)</p></div>
Christof Dallermassl
Thu, 05 Jan 2012 07:57:25 -0000

Switch from cvs to subversion
http://sourceforge.net/p/gpsmap/news/2008/03/switch-from-cvs-to-subversion/
<div class="markdown_content"><p>Finally, I moved the version control from cvs to subversion. CVS data is still available but new code will not be added into it! So if you are interested in new code, please adapt your repository settings!</p></div>
Christof Dallermassl
Mon, 24 Mar 2008 22:22:39 -0000

GPSylon 0.5.3 released
http://sourceforge.net/p/gpsmap/news/2007/04/gpsylon-053-released/
<div class="markdown_content"><p>just a few minor changes: better logging, mouse wheel support, garmin edge support.<br />
have fun...</p></div>
Christof Dallermassl
Wed, 25 Apr 2007 09:12:23 -0000

GPSylon 0.5.2 Release
http://sourceforge.net/p/gpsmap/news/2006/10/gpsylon-052-release/
<div class="markdown_content"><p>GPSylon is a moving map application written in java, so it's completely platform independent!</p>
<p>Finally, the serial communication code is working on windows and linux systems out of the box (no other systems to try!). </p>
<p>No installation of java serial library needed (rxtx library for windows, linux, SunOS and Mac (Darwin) is included)! </p>
<p>Fixed a couple of bugs (mostly on windows systems).</p>
<p>Added gpx export for tracks.</p></div>
Christof Dallermassl
Mon, 23 Oct 2006 16:54:12 -0000

New Prerelease
http://sourceforge.net/p/gpsmap/news/2006/06/new-prerelease/
<div class="markdown_content"><p>A new prerelease of Gpsylon was released. The major change is that no installation of the native rxtx libraries is necessary anymore (when using the included batch/shell scripts).</p></div>
Christof Dallermassl
Mon, 26 Jun 2006 08:08:30 -0000

Small bugfixes, new release
http://sourceforge.net/p/gpsmap/news/2006/02/small-bugfixes-new-release/
<div class="markdown_content"><p>Reading gpx files was fixed.</p></div>
Christof Dallermassl
Fri, 10 Feb 2006 13:40:45 -0000

New Release
http://sourceforge.net/p/gpsmap/news/2006/02/new-release/
<div class="markdown_content"><p>This release does not add any new features. It is just a fix for the broken serial communication (Sun introduced a new CommApi, which is not compatible with the rxtx.org packages anymore). Additionally some code cleanup was done. The classes dealing with communication to gps devices were separated to build a library on their own. </p></div>
Christof Dallermassl
Wed, 01 Feb 2006 07:43:09 -0000

Screenshot for Garmin Geko works
http://sourceforge.net/p/gpsmap/news/2003/10/screenshot-for-garmin-geko-works/
<div class="markdown_content"><p>in the latest release (0.4.15-pre8) the screenshot function works also for Garmin Geko (tested with 201). The functionality for Streetpilot III is more or less working, but my device always powered down after sending 10 lines. So this is not finished, but feedback is highly welcome!</p></div>
Christof Dallermassl
Wed, 15 Oct 2003 10:32:35 -0000